SpamCannibal - How It Works
SpamCannibal is a free software toolkit to help stop UBE (Unsolicited Bulk Email), UCE (Unsolicited Commercial Email), and other spam from reaching your mail server. A subset of SpamCannibal's modules can be used to mount and effective defense against DoS attacks. SpamCannibal is published under the GNU General Public License and is available for download from CPAN. For specific download instructions and links, click the Download link.
SpamCannibal's primary functional modules are:
How does SpamCannibal Work?
The SpamCannibal tool suite uses the Berkeley DB database found on almost all unix based operating systems. It maintains four database files; 'tarpit', 'archive', 'blcontrib', and 'evidence'.
What's a TARPIT and how does it work?
A TCP/IP tarpit is a program that sets the flow control settings to inhibit communication rather than facilitate it. It sets the packet data and packet window size parameters to very low values which slows the transmission rate to a trickle. Then it never acknowledges packets, so transmission will be retried over and over, ideally bringing the transmitting program (the spam server, scanning tool or worm) to a virtual halt for several hours or perhaps indefinitely. Tarpits maintained on our firewall servers hold some threads for months.
More information on tarpits is available on the labrea, Sourceforge labrea, and LaBrea::Tarpit websites at: http://www.hackbusters.net/LaBrea http://sourceforge.net/projects/labrea/ http://scans.bizsystems.net ...these sites are required reading.
To install Mail::SpamCannibal, copy and paste the appropriate command in to your terminal.
cpanm
cpanm Mail::SpamCannibal
CPAN shell
perl -MCPAN -e shell install Mail::SpamCannibal
For more information on module installation, please visit the detailed CPAN module installation guide.